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CHAPTER  1 


INTRODUCTION  AND  BACKGROUND 

1 . 1 The  subject  of  redundancy  has  been  a popular  topic  for  papers  on  reliability  since  the  late  1950’s. 
Most  prooably  Von  Neumann's  contributions  in  the  1940’s  relative  to  the  application  of  Majority 
Voting  schemes  to  computers  provided  the  nucleus  for  much  of  this  work  (although  his  original  efforts 
were  not  concerned  primarily  with  improving  electronic  hardware  reliability).  Although  many  authors 
wrote  on  the  more  simplistic  features  of  redundancy,  three  stand  out  as  those  who  are  referenced 
frequently  in  papers  by  other  authors:  Balaban  (4)*,  Moskowitz  (28),  and  Kneale  (25).  They  wrote 
primarily  about  unattended  redundant  systems,  for  the  most  part  ignoring  the  effect  of  sensing  and 
switching  elements.  The  impact  of  such  factors  was  considered  later  by  such  people  as  Grisamore  (11) 
and  Aroian  (2).  In  all  of  these,  the  figures  of  merit  of  concern  were  Reliability,  expressed  as  the 
probability  that  the  systems  would  remain  operational  over  a given  period  of  time,  and  Mean  Time  to 
First  System  Failure. 

In  the  early  1960’s,  interest  began  to  center  on  formulations  for  redundant  systems  which  were 
maintained.  At  this  time,  the  traditional  reliability  figures  of  merit  were  augmented  by  an  additional 
figure  of  merit  called  Availability.  During  this  era  the  primary  tool  used  was  the  Markovian  process. 

The  foremost  pioneer  investigators  in  the  area  of  maintained  systems  were  Barlow  and  Hunter  (6), 
who  introduced  what  is  now  Known  as  the  Avai'ability  measures  (both  time  dependent  and  limiting) 
for  full  on  systems.  Shortly  thereafter,  Epstein  a, ’id  Hosford  (17)  for  the  first  time  defined  the 
reliability,  probability  of  no  system  failure  over  a oeriod  of  operating  time,  and  mean  time  to  first 
failure  of  both  full  and  standby  redundant  configurations.  Later  Dick  (12)  defined  the  Availability 
figures  of  merit  for  a group  of  two  unit  redundant  systems  under  different  operational  scenarios. 

The  Markovian  Procedure  was  in  general  rather  cumbersome  to  use  and  as  a consequence,  in  the 
years  that  followed,  approximation  procedures  were  a topic  of  quite  a few  papers;  for  example, 
McGregor  (27),  Applebaum  (1),  and  Einhom(16).  Dick(13)  was  the  first  to  develop  a rather  simple 
approach  to  evaluate  the  mean  time  to  first  failure  of  a full  on  redundant  system 

The  purpose  of  this  report  is  twofold: 

(a)  to  present  the  information  and  tools  necessary  to  evaluate  most  of  the  types  of 
redundancy  problems  with  which  a reliability  engineer  is  faced; 

(b)  to  present  new  simplified  approaches  to  redundancy  analyses  which  provide  time  savings 
compared  to  the  classical  methods. 

As  indicated  previously,  many  papers  have  been  published  about  redundancy.  Most  arc  repetitious, 
except  for  minor  variations.  Those  that  are  noi  repetitious  are  published  in  various  reports  or 
symposium  proceedings,  widely  separated  by  years. 

To  the  typical  analyst  charged  with  the  evaluation  of  the  reliability  of  a redundant  method,  this 
presents  serious  problems.  What  is  required,  and  part  of  the  subject  to  which  this  document  pertains, 
is  a survey  of  the  basic  redundancy  literature  to  make  available  in  a single  document,  information  such 
that  the  vast  majority  of  redundancy  design  applications  encountered  can  be  evaluated. 

For  the  most  part,  the  most  widely  used  and  strongest  evaluation  techniques  available  are  complex 
and  time-consuming  to  apply  (especially  for  repairable  redundant  networks).  This  document  contains 
unique  evaluation  approaches  and/or  results  which  are  in  many  instances  less  complex  and  less 
time-consnming  than  the  traditional  approaches. 

A summary  of  the  subjects  covered  in  this  thesis  is  shown  in  Table  1.1. 

1.2  Background 

In  order  to  cope  with  the  military  technological  developments  of  the  past  fill  ~n  years,  electronic 
systems  have  been  compelled  to  expand  in  both  size  and  complexity  at  a rapid  >ate.  Of  equivalent 
importance  to  the  need  for  this  growth  has  been  the  coincidental  need  for  greater  system  reliability  and 
maintainability.  As  military  and  space  requirements  necessitate  the  construction  of  even  more 
complex  systems,  the  contemporary  philosophies  of  reliability  and  maintainability  will  become 
inadequate  for  the  successful  performance  of  mission  objectives.  The  most  severely  affected  systems 
will  be  those  on  which  maintenance  cannot  be  performed,  such  as  satellite-borne  systems,  and 
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TABLE  f.1 


A SUMMARY  Of-  REDUNDANCY  TOPICS 


NON -REPAIRABLE  SYSTEMS 

Full  on  Redundancy 

• Traditional  Approach 

* State  Analysis  Approach 


Standby  Redundancy 

• Traditional  Approach 

• Perfect  Switching 

• Imperfect  Switching 


REPAIRABLE  SYSTEMS 

Full  on  Redundancy 

• Markovian  Approach 

• Combined  Unit  Approach 

• Expectation/Transition  Approach 

• System  Failure  Rate  Approach 

• Periodically  Maintained 
Systems 

• Impact  of  Redundancy  on 
Maintainability 


Efficient  Levels  of  Redundancy 


Standby  Redundancy 

* Markovian  Approach 

• Expectation  Transition  Model 


strategic  military  systems  where  the  luxury  of  even  a small  down  time  cannot  be  afforded.  At  this 
time,  the  only  recourse  to  such  situations  is  the  creation  of  components  of  increased  reliability  or  the 
application  of  redundancy. 

In  order  to  increase  the  reliability  of  complex  electronic  systems,  a constant  effort  is  made  to 
improve  the  reliability  of  the  component  parts  comprising  s.<ch  systems.  The  rate  of  improvement  of 
component  part  reliability,  however,  lies  significantly  below  the  rate  of  increase  of  system 
complexity.  In  addition,  it  must  be  realized  that  the  attainment  of  100%  reliability  for  a component 
part  is  impossible.  The  only  recourse  then  is  redundancy  (the  addition  of  duplicate  elements). 

Redundancy  may  be  achieved  in  many  ways.  Each  has  its  advantages  (reliability  gain)  and  its 
disadvantages  (the  number  of  duplicative  dements  required  which  impact  on  total  system  weight, 
cost,  volume).  The  purpose  of  this  report  is  to  explain  the  rationale  for  each  type  of  redundancy 
considered  and  to  develop  means  of  evaluation  such  that  the  reliability  potential  of  each  may  be 
assessed  and  tradeoffs  made. 

1.2.1  Measures  of  Reliability 

The  following  reliability  measures  will  be  used  in  this  study.  (I)  Mean  Time  to  Failure  M;  (2) 
Probability  of  Failure  free  operation  for  specified  time  t.  denot^  d by  R(l);  (3)  P(t),  the  probability  that 
a system  will  be  functioning  at  time  t.  For  the  non-maintained  system  R(l)  =•  P(t)  and  for  the 
maintained  system  R(t)  ^ P(t). 

The  following  relationships  exist: 


Hence: 


M=  dt  (1.3) 

Pi 


Integrating  by  parts: 

M"  - t R(t) I ” + /°R(t)dt  (1.4) 

0 0 


Now  O'R(O)  = 0 and 

t 

- / h(x)dx 
R(t)«*  lim  t e 0 

t-*»  ->  0 


W(x) 
R(x)  ' 


R(t)dt  (1.5) 


lim  t 


where  h(x)  denotes  the  hazard  rate,  i.e.  h(x) 
Hence: 

00 

M=*  / 

0 


1.2.2  Definition  of  R(ff 

Since  the  expression  for  R(t)  is  a probabilistic  function,  its  formulation  will  involve  the 
combination  of  probabilities  (Reliabilities)  of  success,  or  survival  (over  a given  period  of  time),  for  all 
the  units  making  up  the  system  in  question.  Where  redundancy  does  not  exist,  the  failure  of  any  one 
unit  results  in  system  failure  and  R(t)  is  comprised  of  the  product  of  the  reliabilities  (probabilities  ot 
survival  for  a given  period  of  time)  of  all  units  comprising  the  system. 


R(t)  wR(t), 

i " l 


(1.6) 


When  the  system  is  composed  of  redundant  units,  numerous  possibilities  for  system  survival  exist 
(with  no  redundancy  the  system  can  survive  only  if  ho  units  fail  in  the  given  period  of  time),  hence 
R(t)  must  be  defined  in  terms  of  complex  combinations  of  probabilities  rather  than  as  a simple 
product.  For  this  reason,  the  following  section  on  simple  probability  theory  will  serve  as  necessary 
background  for  the  definition  of  R(t). 

1 .2.3  Probability  Basics 

Given  tw?  mutually  exclusive  events  A and  B,  the  probability  of  either  occurring  is  the  sum  of  their 
probability, 

P(A+B)=-  P(A)  + P (B) 


r~ 


This  follows  from  the  fact  that,  in  general,  if  we  have  K mutually  exclusive  events  B,,B2,Bj,  . . . Bk, 
then: 

P(B1+Br.Bk)-  I^P(B1) 


If  two  events  exist  that  are  not  mutually  exclusive  (say  A and  B),  the  probability  of  one  or  more 
occurring  is: 


P(A+B)«  P (A)  + P(B)  - P(AB) 


For  three  such  events: 

P(A+B+C)*»  P (A)  + P(3)  + P(C)  - P (AC)  - P (AB)  - P(BC) 

+ P(ABC) 

Generalizing  to  K non-mutually  exclusive  events  B,,  B2  . . .BK,  the  probability  of  one  or  more  of 
the  events  occurring  may  be  defined  as: 

P(B,  + B2  . . .B  ) ~ £ P(B.)  - P(B,B2) 

- P(B,B3)  - . . . .P(Bk1Bk)  + P(B,82Bj) 

+ P(B,B2B4)  + P(Bk.jBk.|Bk)  + 

+(-l)Kl  P(B,B2  ...Bk) 

If  events  A,,  Aj,  A,  . . ,AK  are  independent  and  the  probability  of  occurrence  of  all  events  is 
desired,  the  probability  that  all  occur  P^AjAj  . . .AK)  may  be  calculated  as: 


P(A,A;  . . .AK;  = n P(A,) 

I - 1 


Equating  the  term,  event,  with  either  a failure  or  a success  and  the  probability  of  an  event  with  the 
probability  of  failure  or  the  probability  of  success,  the  relationship  between  R(t)  and  probability 
theory  is  immediately  evident. 

1.2.4  TThe  Block  Diagram 

In  order  to  complete  the  picture  for  evaluation  of  R(t),  the  concepts  of  probability  must  be  applied 
to  the  system  block  diagram.  From  the  reliability  block  diagram,  and  the  definition  of  each  block’s 
reliability  (probability  of  survival  fer  a given  period  of  time)  an  expression  defining  system  reliability 
may  be  developed. 

Figure  1 . 1 shows  such  a block  diagram  made  up  of  two  units,  A and  J.  The  system  will  operate 
successfully  if  either  unit  A or  unit  B or  both  units  are  operative  and  will  be  considered  as  failed  if 
both  A and  B fail. 


Let  us  consider  the  event  that  A survives  a period  of  operation  and  define  the  probability  of  such  an 
event  as  R(tA). 

Let  us  consider  the  event  that  B survives  a period  of  operation  and  define  the  probability  of  such  an 
event  as  R(t„). 

Note  that  the  survival  or  failure  of  either  A or  B does  not  and  will  not  affect  the  survival  or  failure  of 
the  other,  hence  A and  B are  considered  independent. 

Note  also  that  just  because  unit  A survives,  unit  B does  not  have  to  fail  and  vice  versa  (both  units 
can  fail  or  survive);  hence  the  events  are  not  mutually  exclusive. 

Therefore,  the  probability  of  system  survival  is  equal  to  the  probability  that  A or  B or  both  survive. 

P(A+B)»  P(A)  + P (B)  - P (AB) 


R(t)“  R(tA)  + R(tB)  - R(tA)-R(tB) 


Figure  1.2  shows  a block  diagram  made  up  of  three  units:  A.B,  and  C in  series.  The  system  will 
operate  successfully  only  if  all  three  units  are  operative.  The  system  will  fail  as  soon  as  one  of  the 
three  fails. 

Let  us  consider  the  events  that  A,  B,  and  C survive  a period  of  operation  and  define  respectively  the 
probability  of  such  an  event  for  each  R(tA),  R(t,j),.R(lc). 


or 


P(A,  B,  C )-  P(A) 'P(B) *P(C) 

R(!:)-  RCtA)-RCtB)*R(tc) 


1.2.5  Types  of  Redundancy: 

The  discussions  that  follow  will  concern  themselves  with  two  basic  classes  of  Redundant  Systems: 

A.  Systems  which  are  redundant  and  which  are  non-maintained  (failed  units  of  a redundant 
complex  are  not  repaired  or  replaced).  This  situation  is  common  to  unattended  applications, 
i.e.,  an  unmanned  field  site,  a satellite  etc. 

B.  Systems  which  are  redundant  and  maintained  (failed  units  of  a redundant  complex  are 
repaired  and  replaced).  This  situation  is  common  to  attended  applications,  i.e.,  manned  site. 

For  each  class  several  types  or  varieties  of  redundancy  are  considered.  In  all  cases  we  will  assume 
that  the  units  have  times  to  failure  Slaving  an  exponential  distribution  described  by  the  probability 
density  funet^n: 


r(tpA)«  Ae~Xt  t > 0 

A > 0 

A®  failure  rate  of  unit 
t®  operating  time  in  question,  and 


R(t)®  / r(t,A)dt-  e ® probability  that  unit  will  not  fail 

t 

during  operating  time  t. 
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CHAPTER  2 

RELIABILITY  MODELS  FOR  MON-REPAIRABLE  SYSTEMS 


i 


l 

! 


2.1.  Full  on  Redundancy  (Single  Unit  Nccess'  ry  For  Survival) 

The  most  widely  discussed  form  of  redundancy  for  a situation  not  involving  repair  has  been  a 
series  arrangement  of  a number  of  (N)  redundan  elements  as  shown  in  Figure  2. 1 . In  this  type  of 
redundancy,  all  L‘N  units  are  continuously  energized/  and  it  is  assumed  that  so  long  as  at  least  one. 
unit  is  functioning  properly  on  each  of  the  L cascaded  subsystems,  the  system  as  a whole  will  operaf'‘ 
successfully.  The  reliability  of  such  a redundant  system  is  obtained  as  follows: 

Let:  L- ' number  of  cascaded  subsystems  composing  the  system. 

N=  number  of  continuously  energized  units  comprising  each  subsystem. 

A=  failure  rate  of  each  redundant  unit. 

(For  convenience,  N and  A arc  taken  to  be  the  same  for  all  units  comprising  the  system). 

’*  - Hence  the  term  Fuli  on  Redundancy. 


r 


r 


We  assume  that  the  failure  rate  of  each  unit  is  given  by  an  exponential  distribution  with  parameter 
X.  Then  we  have: 

— The  reliability  of  any  unit  (i)  equal  R(t.)  = e Ktt. 

— [The  probability  of  any  unit  failing  in  time  t)  = l-eM.  u 

— [The  probability  of  all  N units  in  a subsystem  failing  in  time  t]  = U ~e  T • 

— The  probability  of  at  least  one  unit  in  a given  subsystem  surviving  = [ ! -(l  - e ) J. 

The  probability  of  all  L subsystems  having  at  least  one  operating  unit  is  thus  given  by: 

R(t)  « [1-  (l-e'x,)N]L  (2-1) 

As  shown  earlier,  the  mean  time  to  failure  is  J * R(t)dt.  Therefore,  the  system  mean  time  to 
first  failure  is: 


i i 

1 


M- 


;U-  oe"u)N}Lat 


(2.2) 


After  some  manipulations,  (see  Appendix  A),  this  expression  reduces  to  the  following  simple 
form: 


L k+1  L kN 

M-  1/A  Z (--1)  Q Z 1/s 

k-1  s=l 


(2.3) 


The  quantity  of  interest,  AM,  where: 


, MTBF  of  the  system 
MTBF  of  a unit  • 


is;  ihus  given  by: 


AM- 


L 

Z 


kN 


(*i)Ml  (h  z 

k»l  s= 1 


1/s 


(2.4) 


The  mean  times  to  failure  of  redundant  systems  which  selected  values  of  N and  L are  shown  in 
Figure  2.2.  As  can  be  noted  from  this  Figure,  order  of  magnitude  increases  in  system  mean  life  over 
element  mean  life  are  not  possible  unless  extremely  large  values  of  N are  employed  ..  . 

A special  case  is  considered  when  L=  i . Tins  defines  a single  subsystem  composed  of  N parallel 
(redundant)  units.  It  follows  from  £quat;  <n  (2.1)  that  the  relationship  depicting  reliability  is. 


4 


R(t.)«  1-  (L-e“Xt)N 


(2.5) 


NL 


NL  = Total  number  of  components  in  system.  A factor  of  5 .movement  of  redundant 

System  mean  Ufa  over  simplex  system  mean  life  may  be  found  by  multiplying  the  value 
etermined  for  XM  by  L.  \=  failure  rate  of  a single  system  element:  M = system  mean 
life 

i 

Figure  2.2.  XM  Relationships  For  Full  On  Systems 


' w^h  corresponding  meantime  to  first  failure: 


i 


Note  that  when  N—  2,  the  familiar  2 unit  redundancy  example,  we  have: 


M" 


3 

Tx 


The  above  equations  provide  a means  to  develop  the  R(t)  relationship  for  a system  containing  L 
subsystems  each  with  a different  number  of  units  N in  parallel.  Thus: 

L r -Xt  Ni 

SCt)-  n U-  (l-e  Xt)  x]  (2.7) 

i-l 

with  corresponding  mean  time  to  first  failure  given  by: 


“ L 

M«  / II  [1-  (l-e"'AC)  Idt  (2.3) 

0 i-1 


2.2  Binomial  Redundancy  (multiple  operating  units  required);  Full  on  Redundancy 

This  type  of  redundancy  is  identical  to  the  one  described  above  except  that  the  system  may  be 
considered  as  a large  subsystem  composed  of  N fully  energized  parallel  units  and  requires  a minimum 
of  D(D«cN)  operating  units  (non-failed  units)  in  order  to  operate. 

This  type  of  a system  may  be  described  probabilistically  by  the  binomial  distribution: 

*Ct)«  £ (!WXt)k(l-e”Xt)N~k  (2.Q) 

k-D 


with  corresponding  mean  time  to  first  failure  given  by: 


N 

M"  /WR(t)dt-  1/X  l 1/k 
0 k-D 


(2.10) 


2.3  State  Transition  Model:  Full  on  Redundancy 

An  alternate  means  of  developing  the  relationship  for  mean  time  to  fust  failure  is  to  consider  the 
concept  of  system  states  and  the  concept  of  transition  from  one  state  to  another. 

The  system  starts  out  initially  with  N units  operating.  Since  we  are  not  considering  the  concept  of 
repair  in  this  particular  situation,  the  system  will  experience  a unit  failure  and  be  reduced  to  (N-l) 
operating  unite;  will  eventually  experience  a second  unit  failure  and  be  reduced  to  (N-2)  operating 
units,  etc.,  until  only  D unils  arc  operating.  The  next  failure  which  occurs  results  in  only  (D-l)  units 
operating  astd  will  cause  the  system  to  fail. 

Let  Eh*  (k  = 0,1, . . .N— D 1- 1)  represent  the  state  that  the  sy:  un  has  (N-k)  units  operating.  Since 
this  is  a non  repayable  system,  the  system  will  transition  from  state  E* » to  state  - Each  state  has 
an  average  time  to  transition  into  the  next  possible  state  (ENk  to  E*  k l)  given  by: 
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- l/A(N-k) 


M(N-k/N-k-l) 


A-  failure  rate  of  each  unit. 

Since  the  transitions  must  occur  in  sequence,  the  mean  time  to  transition  from  state  Em  to  E^.,  is  given 
by: 


N-D 

M"  k-o  M(N“k/N"k"1)”' 


N-D 

I 1/ A (N-k) 
k-0 


N 

- 1/A  E 1/k 
k-D 


and  which  corresponds  to  equation  (2.10). 
Normalizing  as  before  yields: 


N 

AM-  £ 1/k 

k-D 


(2.11) 


Figure  2.3  shows  a plot  of  reliability  improvement  for  this  type  of  redundancy. 


2.4 


Standby  Redundancy  (single  unit  necessary  for  survival) 

A second  type  of  redundant  system  which  possesses  a similar  configuration  to  the  system 
previously  described,  but  employs  switched-in  redundancy  is  that  illustrated  in  Figure  2.4. 

In  this  instance  only  one  clement  of  each  of  the  cascaded  subsystenrs  is  activated  at  a time.  Upon 
failure  of  this  element,  the  next  element  of  the  subsystem  will  automatically  be  switched  into 
operation.  Until  such  a switch  occurs,  the  standby  clement  is  not  energized  and  hence  a failure  rate 
A—  0 is  assumed.  In  order  to  hypothesize  an  upper  bound  for  the  reliability  of  such  a system,  the 
failure  rate  of  the  switching  device  will  be  equated  to  0. 

In  this  model,  the  successive  failures  form  a Poisson  process  with  rate  A.  Then  the  reliability  of  L-ie 

system  will  be  given  by:  „ , 

N--1 

R(t)-  E P(r,t) 
r-0 


N-l 


- £ 

r=0 


-At 


r! 


(2.12) 


where  P(r,t)  — Probability  of  r failures  in  time  t and  At  represents  the  number  of  failures  expected  in 
die  time  period  t,  and  N the  number  of  redundant  units  composing  each  subsystem. 

Since: 


/V Xt  dt-  1/A 

0 r! 


1 1 


and 


AM-  N. 


The  reliability  of  a system  composed  of  L such  subsystems  may  be  shown  to  be: 


N-l 


r _ L 


lot)-  [e”*1  I 

r-0  r! 


The  mean  time  to  first  failure  of  such  a system  is  given  by: 


M-  /“  R(t)  dt-  /Te_At  E dt 

0 0 r-0  r! 


Figure  2.4.  Switcheri-ln  Redundancy  Example 
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(2.14) 


(2.15) 


(2.16) 


I 


i 


j 

j 

I 


A general  evaluation  of  this  equation  for  various  values  of  L and  N is  difficult.  However,  if  a 
specific  value  of  N is  stipulated,  an  explicit  form  can  be  obtained  for  any  value  of  L by  a series 
expansion. 

Let  N=  2,  then: 


m-  ^ Jdt 

0 r-0  r! 

. s~  ut  c l ^>-)L  dt 

0 r-0  r! 


« /“a"  LXr(l  + Xt)L  dt 

0 

- /V  Ut  T.  (S  (Xt)r  dt 

0 r-0 


L 

— £ 

r-0  XL 


U 

(r+1) 


(L-r)! 


(2.17) 


where  the  last  equation  is  obtained  by  integration  by  parts. 

A plot  of  improvement  of  N=  2 appears  in  Figure  2.5.  In  order  to  more  easily  evaluate  the  orders  of 
improvement  in  mean  life  realb  *(1  in  this  type  of  redundancy,  a comparison  on  a subsystem  level  is 
made  in  Figure  2.6  of  this  concept  of  redundancy,  vs.  the  concept  depicted  in  Figure  2.3. 

As  may  be  noted  from  Figure  2.6,  greater  increases  in  magnitude  in  system  mean  life  over  element 
mean  life  may  be  realized  by  utilizing  this  concept  rather  than  the  full  on  redundancy  concept 
previously  described. 

Examining  this  redundant  design  carefully,  it  becomes  obvious  that  sensing  devices  arc  necessary 
to  detect  each  failure,  and  switching  mechanisms  arc  reqi  ired  to  activate  and  deactivate  elements.  )n 
practical  situations,  the  present  limits  on  the  reliability  of  conventional  sensing  and  switching  devices 
limit  the  reliability  potential  of  the  scheme. 

2.5  Standby  Redundancy:  D operating  Units  Necessary  for  Survival. 

Another  form  of  binomial  rcdunancy  may  be  encountered  when  the  system  (subsystem)  is 
composed  of  N identical  units.  A subset  of  1)  units  out  of  N is  chosen  to  form  a working  system 
(subsystem).  Elements  of  the  working  system  (subsystem)  which  fail  may  be  replaced.  The  units 
which  are  not  a part  of  the  working  system  are  assumed  to  be  standby  units  and  have  a failure  rate  X~ 
0.  It  is  assumed  that  failure-free  switching,  sensing,  and  interconnection  methods  are  utilized  in  order 
to  determine  an  upper  bound  reliability  for  this  system  type. 

In  this  type  of  redundant  system,  since  D units  arc  always  working,  the  failures  of  this  subsystem 
form  a Poisson  process  with  rate  AD.  Then  the  system  reliability  will  be  the  probability  that  the  system 
has  a maximum  number  (N~D)  of  failures  in  the  time  period  t,  i.e.: 
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r<Hrmrti—i  .wren  n n vm  ..  . 


iWi 


N-D 

L P(N(t)-  k) 
k-0 


R(t)- 


whcrc 


N-D 


- Z 

k-0 


e~  PXt(mt)fc 
k! 


- DAt 


N-D 

Z 

k-0 


k! 


\ 
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N(t)=  the  number  of  failures  in  the  time  period  t. 

N=  total  number  of  elements  composing  the  system. 

D=  number  of  elements  necessary  for  the  system  to  operate. 
\=  failure  rate  of  eac'i  operating  element. 


(2.18) 


NL  = total  number  of  units  in  system 


A figure  of  improvement  of  redundant  system  mean  life  over  simplex  system  mean  life 
may  be  found  by  multiplying  the  value  determined  for  \M  by  L.  A=  failure  rate  of  a single 
system  unit:  M - system  mean  life. 

Figure  2.5.  \M  Relationship  for  Standby  Redundancy 


2.6  Reliability  of  Parallel  Units  when  the  Reliability  of  Switching  is  Considered. 

In  the  previous  sections,  we  have  discussed  the  reliability  of  non-repairable  redundant  systems, 
ignoring  the  failure  rate  of  any  sensing  or  switching  mechanisms.  As  such,  the  previous  evaluation 
and  analysis  procedures  should  be  considered  as  providing  an  upper  bound  for  system  reliability. 

Various  ways  have  been  suggested  through  which  the  failure  rates  of  sensing  and  switching  devices 
can  be  accounted  for  in  the  analysis  of  redundant  systems.  These  range  from  simply  adding  a failure 
rate  increment  equal  to  the  failure  rate  of  a switching  and  sensing  device  to  the  failure  rate  of  one  or 
more  redundant  units,  to  analysis  procedures  which  take  into  account  the  operational  modes  of  the 
sensing  and  switching  device.  The  following  is  an  example  of  the  latter  (for  a two-unit  redundant 
system)  which  pro\  ides  information  on  how  such  an  analysis  may  be  performed,  and  also  provides 
some  insig>.t  into  the  complexities  of  the  analysis. 

Consider  units  A and  B connected  in  a standby  parallel  configuration.  If  either  A or  B is  functioning 
and  properly  connected,  the  required  system  function  is  realized.  The  sensor/switch  S provides  the 
necessary  connection,  disconnection  function. 

If  A fails,  S senses  this  failure,  and  if  S is  operating  properly  it  switches  to  B.  The  system 
composed  of  A.B,  and  S operates  as  follows: 


jttfraiih-iiii'  imrfinrftwii 


JMfr. mib 
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a.  If  S operates  properly , it  checks  A.  If  A has  failed,  it  turns  on  B.  S is  then  in  a fail  safe  position. 
The  system  operates  until  B fails. 

b.  S fails  (and  no  switch  possible)  while  A is  operating.  The  system  operates  until  A fails. 

c.  S fails  in  a way  that  a switch  to  B is  mandated,  while  A is  still  capable  of  operating.  3 is  energized 
"and  the  system  operates  until  B fails. 

d.  S fails  while  A is  still  operating.  It  fails  in  such  a way  that  A and  B are  unable  to  operate  and  the 
system  fails. 

Let  P,(t),  P>(t),  Pc(t),  and  Pd(t)  denote  the  probability  that  the  system  fails  at  time  t according  to  the 
above  events,  a,b,c,  and  d,  respectively.  Then,  noting  that  the  above  events  are  all  mutually  exclusive 
at  t,  we  have  the  probability  of  failure  at  t: 


VO"  Vs0  + VO  + VO  + pa(t> 


Let  the  density  functions  of  time  to  failure  for  A,B,S , be  exponential  and  let  A and  B have  identical 
density  functions. 

f(t)*  Xe  ^ for  A and  B 


and 


g(t)-A0e-*  forS 

Note  that  (b),  (c)  and  (d)  indicate  three  different  modes  of  possible  failure  predicated  on  the  single 
failure  density  function.  In  order  to  cope  with  this,  define: 

P,~  probability  when  S fails,  the  switch  stays  on  A 

P3=  probability  when  S fails,  the  switch  goes  to  B 

Pj~  probability  when  S fails,  the  switch  makes  A & B inoperative. 

The  events  described  by  Pi,  Pj,  Pi  are  also  mutually  exclusive  and  exhaustive  and: 


We  will  now  develop  probabilistic  relationships  for  P,(t),  P»(t),  P (t)  and  Pj(t): 
Let: 

t,-~  the  time  at  which  S fails. 

(=  the  time  at  which  A fails, 
the  time  at  which  B fails. 


Noting  that: 


1-  / S(ta)  *it. 
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probability  that  S does  not  fail  before  t„ 


PCt8)-  1-  / fs(ta)  dta 


probability  that  A doesn’t  fail  before  t>,  wc  have: 


1 

\ 


t t~tv 


This  follows  from: 


Pa(t)"  f f Ht  ) f (t  ) ^<tb>)  dt^  dtb-. 

V°  V° 


^ r£,  fa(ta)  dt. 

/ 


* probability  that  A fails  before  S fails^i' 


ils  i»^[0;  t-tb]. 


end: 


/ 


/ W(t-tb)fb(tb)  dtb“  probability  that  B fails 


in  [0,0  after  the  switch 
was  made  upon  the  failure  of 
A. 


By  the  assumption  of  exponential  failure,  we  have: 


p" — xSs r[1-eM'-t(eM"c 


w. 


(2.19) 


Us>ng  the  memoryles?  property  of  the  exponential  distribution,  it  can  be  seen  that  A has  the  same 
density  as  before,  after  S fails. 

Then  wc  have: 

t t— X 

P,  (t)«P.  / / P(t  ) g(t  ) f 00  dt  dx. 

a 1 „ n a sa  s 

x»0  tfl«0 
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This  follows  from  the  following: 


and  it  follows: 


t-x 

W(t-x)«  / P(tv)  g(t'0  dt . 

to-O  * ® * 

0 


- probability  that  S fails  before  A fails 
in  [0 , t-x] 


P*  (t) 


P f W(t-x)  fa(x)  dx*  probability  that  A fails 

x**0 


in  [0,0  after  S fails. 


Similarly  we  have: 


P_(t)-Pp  / ’'A  8(tfl)  W dt«  ^ 

O ^ . r\  A.  „n 


and 


t^i-0  t..“0 


p.(t)=p3  / P(t  ) g(t ) dt 

a j . - s s s 


t .-0 
s 


The  assumption  of  the  exponential  density  gives: 

X 

O -AC  . 

— - e + 

A+X 


X - (A+A 
e 


P'uCt)"  P,  f — ~ - e Xt  + 

l-  »«o 

* *o  o 


- (X+X0)t 


3] 


(2.20) 


(2.21) 
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From  the  above  results  the  system  reliability  can  be  obtained  as  follows: 


RCO-  1«  Pw(t)  = 1-Pa(t)-Pb(t)-Pc(t)-Pd(t) 


a +K  L 


. . . -xt  -(x+x 

-Xt  X [e  - e o 


>t]l 


„ . . Xo  -Xt  , X -(X+X  )t, 
(P.  + ?,)  L— ^ e + e o ] 

X+X  x+x 

o o 


p o_  ( ! . c~(X+Xo)t:] 
J X+X 


(2.22) 


If  Ps  * 0,  Pi  + Pi  — 1 (fail  safe  provisions  built  into  system  such  that  a switch/sense  failure  cannot 
cause  system  to  directly  fail.) 


R(t)  - e"Xt  + ~ e~Xt  (1-e-#) 


(2.23) 


M *>  / R(t)  dt  « - + 

o A X X (X  +X) 

o o o 


(2.24) 


i itse*.  T -f  flta*  I'm 'ft  trirrfl  trt  avrrl  Jftn  fc.r.  tiiiirt  i ' 


*c-  • 


Note  that  by  (2.23)  and  (2.24) 


11a  R(t) 

X ->o 
O 


lia  e'Xt  + e“At  (l-/*0*) 

X^>°  X 

o o 


e*  + lim  [Xte"***'*  ] 


(2.25) 


» (1  + Xt)  e” 


lim  M - 11m  •-  + ~ - X— — 

A ~>o  A ->o  A A A (A  +A) 

o o o o o 


M * — 4-  Jim 

A An  ^ 0 A0  (A^  + A) 


A + i 

X X 


(2.26) 


which  are  identical  to  (2.12)  and  (2.13),  respectively,  for  a two-unit  standby  .«dundant  system. 


CHAPTER  3 


RELIABILITY  OF  REPAIRABLE  SYSTEMS 

The  previous  section  was  concerned  with  the  reliability  of  redundant  systems  which  were  not 
maintained;  thai  is,  the  assumption  was  made  that  the  redundant  configuration  was  maximally  operative  at 
time  zero  and  no  unit  repairs  were  performed  until  the  system  failed.  At  that  time,  all  the  units  were 
repaired  or  replaced  and  the  system  put  in  a maximum  operative  condition  again.  This  section  makes  the 
assumption  that  as  units  of  a redundant  system  fail,  they  may  be  repaired.  In  particular,  we  will  assume 
that  the  'me  to  failure  of  each  unit  and  the  time  to  repair  of  each  unit  follow  exponential  density  functions. 


-it 

r(t)  = Xe  for  time  to  failure 
g(t)  = **  for  time  to  repair 

X = failure  rate 
H = repair  rate 


In  the  previous  section  we  were  concerned  only  with  two  reliability  figures  of  merit:  (1)  Reliability 
expressed  as  a probability  P(t)  which  denotes  either  the  probability  of  operating  satisfactorily  over  a period 
of  time  (0,T)  or  the  probability  that  the  system  will  be  operating  satisfactorily  at  the  end  of  a period  of  time 
(0,T),  T.  (2)  Reliability  expressed  as  mean  time  to  first  system  failure  M.  Since  the  concept  of  maintained 
systems  forces  u change  in  the  operational  scenario,  the  figures  of  merit  of  intcrest.are  somewhat  modified 
and  augmented.  The  figures  of  merit  with  which  wc  will  be  concerned  will  be  as  follows: 

(1)  Reliability  expressed  as  the  probability  that  the  system  will  be  operative  at  any  time  t,  P(t). 

(2)  System  mean  time  to  iiist  failure  M (defined  in  the  same  way  as  in  the  non-repairable  case),  and 
system  steady  state  mean  time  to  failure  M,. 

(3)  The  expected  fractional  amount  of  time  that  the  system  will  be  functional  during  a period  of  time 
(0,T)  - (Note  that  this  figure  of  merit  could  be  applied  to  the  noil-repairable  case,  however,  it  is 
rarely  used  and  it  is  not  as  meaningful  as  it  is  in  the  repairable  case). 

(4)  Reliability  expressed  as  the  probability  that  the  system  will  not  fail  during  the  time  period  (0,T). 

It  i.i  interesting  to  note  that  while  (1)  and  (3)  arc  mathematically  different,  both  arc  commonly  referred 

to  as  "Availability”  (actually  while  the  development  of  both  measures  is  different  and  their  "time 
oriented”  forms  are  different,  their  limiting  cases  are  identical.) 

In  general,  the  procedure  which  must  be  followed  in  the  analysis  ai.d  evaluation  of  a repairable 
redundant  system  is  the  definition  of  its  relevant  system  states  followed  by  an  analysis  of  possible 
transitions.  This  means  that  the  system  can  be  in  any  one  of  various  states  Eo,  E,,  Ej . . . .E*.  For  example, 
a single  unit  has  two  possible  states  (1)  operating  and  (2)  failed.  A two-unit  redundant  system  as  in  Figure 
3.1  has  three  possible  states:  (1)  both  units  on,  (2)  one  unit  on,  one  unit  failed,  (3)  both  units  failed. 
Further,  the  system  can  pass  from  adjacent  state  to  adjacent  state  at  rates  defined  by  the  state’s  failure  and 
repair  rates.  (For  purposes  of  clarity,  let  us  define  adjacent  state  as  that  state  accessible  to  another  state  by 
a single  repair  or  a single  failure.  For  example,  in  the  case  of  the  two  redundant  units  in  Figure  3. 1 , the 
state  of  both  units  on  is  not  adjacent  to  the  state  of  both  units  failed  - the  state  of  both  units  on  is  adjacent  to 
the  state  of  one  unit  on,  one  unit  failed).  It  is  impossible  to  pass  from  one  state  to  another  unless  a chain 
path  of  adjacent  states  is  established.  Given  such  rules,  many  means  arc  available  to  analyze  redundant 
repairable  systems;  some  are  more  complex  than  others.  This  section  will  discuss  several  of  these  means. 

3.1  Analysis  of  a Single  Unit. 

To  start,  we  will  discuss  the  reliability  of  a single  unit.  As  will  be  seen  later,  the  reliability 
expressions  for  a single  unit  can  serve  as  time  saving  building  blocks  for  the  definition  of  the 
reliability  expressions  for  complex  redundant  repairable  systems. 

Consider  a unit  having  a failure  rate  X aiH  a repair  rate  /x. 

I-et  Py  (t)  denote  the  probability  of  a unit  1 :ing  in  state  j at  time  t given  it  was  in  state  i at  t=  0. 

0 ~ an  operating  state  (an  up  state) 
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-worrcr;  - — , — ?»m  t -- 


1 — a failed  state  (a  down  state) 
i,j  = iO 
* I 

then: 


P 0(feWt>-  P (unit  ia  operating  at  t+At,  given 
it  was  up  at  c*  0) 

" P(unit  doean't  fail  ini (t, t+At) | unit  ia  up  at  t, 
given  it  was  up  at  t-  0)*P  (unit  io  up  at  t,  given 
it  was  up  at  t*  0) 

+ P(a  repair  is  completed  in  (t,t+At)j  unit  is  down 
at  t,  given  it  was  up  at  t*  0)>P(unlt  is  down  at  t, 
given  up  t*  0) 

- (I~AAt)  Pn,>(t)  + pat  P_.  (t) 


Using: 


poo(t)  + poi(t)-  1* 

Po0(t+Ati-  U-AAt)F00(t)  + uAt(l-  PQ0(t)) 

Wt+at)  - P00^>  „ dPoo(t) 

At  y PO0(t)"  dt 


Solving  this  differential  equation  yields: 


Pjt)=  P + Ke-^fr 


Using  Poo(0)  = 1,  then  K~AA>+/  ). 
Then: 


A+y  A+y 


(3.1) 


(3.7) 


A=J! „ M 

r+y  ~w 

where:  1 - R - meantime  to  repair  of  the  unit 

y 

I = M - meantime  to  Xuilure  of  the  unit. 

I 


Equations  (3.1)  to  (3.4)  define  the  time  dependent  Availability  of  a unit,  P(t).  The 
concept  of  expectation  indicates  that: 


T 

/P(t)  dt 
0 


defines  the  mean  up  or  operational  time,  over  a period  of  time  (0,T)  realizing  a.  unit 
can  fail,  be  repaired,  fail  again,  etc.  It  then  follows  that  the  expected  fiaction  of  time 
that  the  unit  will  be  operating  during  the  interval  (0,T)  is  given  by: 

1 * 

K(F)«  ~ f P(t)  dt 
A 0 


From  equation  (3.1): 


EooW-'f  0/1(t+v 


e-a+>')fxit 

-VHi 


, _iL- 


■(X+u)T 


X+»i  T(X+»i)Z  T(X+p)2 


which  denotes  the  expected  fractional  aniount  of  time  that  the  unit  is  on  in  the  interval 
(0,T)  given  that  the  unit  is  operating  at  tr-0.  Similarly  from  equation  (3.2): 


(3.8) 


(3.9) 


(3.10) 
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1 

T 


T 

/ r 


o 


10 


(r.)df. 


V 


-(Afy)T 


A+y  T(Xfy)^  T(A+y)' 


(3. 11) 


which  denotes  the  expected  fractional  amount  of  time  that  the  unit  is  on  in  the  interval  (0,T)  given  that 


the  unit  is  down  at  t=0. 


Both  relationships  (3. 10)  and  (3.11)  are  composed  of  a constant  term  X-f/t  and  terms  which  vary 
with  the  time  interval  in  question.  As  the  time  period  (0,T)  gets  arbitrarily  large,  these  equations 
reduce  to  the  limiting  case  such  that  the  expected  fractional  amount  of  time  that  the  unit  is  on  during  a 
very  large  period  of  time  is: 


E (F)> 
00 


li 

A+y 


(3.12) 


Again,  it  will  be  noted  that  the  relationships  above  indicate  that  as  the  time  of  interest  t becomes 
distant  from  t— 0,  the  original  state  of  the  unit  is  of  no  consequence.  Note  that  relationship  (3. 12)  is 
identical  to  relationship  (3.7).  Hence  Availability  is  defined  as  either: 

(a)  The  expected  fractional  amount  of  time  that  the  unit  is  operating  over  an  arbitrarily  long 
period  of  time. 

The  probability  that  the  unit  is  operating  at  any  point  in  time  distant  from  t~-0. 

In  cither  case,  then 


(b) 


"1 


A- 


y+A 


M 

M+R 


The  tact  that  availability  can  have  a dual  definition  is  obvious  when  definition  (a)  is  considered  first, 
for  if  a unit  can  be  expected  to  be  operational  P percent  of  the  time  and  is  capable  of  numerous  repairs 
and  failures,  then  it  follows  that  at  any  random  point  in  time  the  probability  is  P percent  that  the  unit  is 
operating. 

Relationship  (3.7)  was  developed  using  a differential  equation  and  assumptions  relating  to  the 
distributions  of  repair  and  failure  times.  It  need  not  be  developed  by  that  means,  using  such 
assumptions.  It  may  be  developed  quite  simply  and  non-parametrically  as  follows: 

Let: 

T - the  interval  of  time  in  question 

To--'  the  time  during  the  interval  that  the  unit  is  operating 

T,—  the  time  during  thv  interv  al  that  the  unit  ij  down 


Then: 


A=  . 
T 


(definition  (a)  of  availability) 


But: 


7.6 


A 


M 


" number  of  failures  expected  m operating  time  T. 


0 - 


T. *•  y—  R*  title  that  the  unit  is  down  over  interval  in  question 


A- 


0 1 M 

— nr  — " — 

v 4.  i + s ** 
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which  is  identical  to  (3.7) 

Hence  the  limiting  relationship  for  Availability  is  non-parametric. 

There  will  be  situations  where  evaluation  requires  the  use  of  one  or  more  of  the  measures 
previously  discussed.  In  summary,  the  most  important  arc  repeated  and  defined  below: 


(a) 


-JL. 


+ - .A.  ' U+w)t 

A+p 


The  probability  a unit  will  lie  operating  satisfactorily  at  a given  point  in  time,  given  that  the  unit 
was  operating  satisfactorily  at  t~(). 


(b) 


j*’  0?)“*  “1^—  -f-  — 1 1 — — . 

00  A+p  tca+m)2 


A ^~(A+p)T 

T(A+|i)2 


'Ihc  expected  fractional  amount  of  time  that  the  unit  is  on  in  the  interval  (0,T),  given  that  the  unit  is 
operating  at  t=  0. 


(c) 


A"  — 
n+A 


M 

MfR 


rrhe  probability  a unit  will  be  operating  at  a random  point  in  time,  distant  from  t O,  or  the  expectei 
fractional  amount  of  time  that  the  unit  is  on  during  an  arbitrarily  long  time  interval  (0,T). 


I 


I 

I 


3.2  The  Combined  Units  Approach:  (Full  on  Redundancy) 

This  can  be  considered  one  of  the  most  basic  approaches  in  existence.  It  starts  with  the  definition  of 
P»(t)  or  Availability,  for  a single  unit  and  treats  these  as  basic  probabilities  of  survival,  as  discussed  in 
Chapter  1 (in  a reliability  block  diagram). 

Take,  for  example,  a two-unit  parallel  system  as  in  Figure  1.1.  Both  units  are  identical  and 
originally  operable  (on  at  t«*  0)  and  both  are  operating  simultaneously.  If  one  of  the  units  fails,  repairs 
are  begun  on  it  and  the  other  unit  performs  the  function.  As  soon  as  the  failed  unit  is  repaired,  it  is 
returned  to  operation.  At  the  first  instant  of  time  when  both  of  the  units  are  failed,  the  system  has 
failed. 

The  probability  that  Unit  A is  operating  at  t-  POT(t) 

The  probability  that  Unit  B is  operating  at  t-  P^t) 

The  probability  that  either  A or  B or  both  are  operating  at  t is  the  Availability  of  the  system  P(t). 


PCt;)-  PgpCO  + poo^  “ 

2 poo^  ” poo^ 

„ 2 f-JL  + -X-  Ch + _X_ 

[_hh  ^ u+x  J u+x  j 


which  when  expanded  and  combined  reduces  to: 


F(t) 


2,  ,2 

M + 2Au  A e 

(x+u)2 


“2 (X+y) t 
(X+U.)  ^ 


2A2jc2(X+^t 

(x-t  mT7 


(3.14) 


Note  that  as  t gets  arbitrarily  large  (3. 1-1)  reduces  to: 


P(t)- 


(A+li)2  ^yet'm 


(3.15) 


2H 


i UTlfr Mlini I ifi k4ll,iit‘rtiiv> i iiYitiri^i  if iTiari* i nkJhlTrn  Jii' itiT hi  i ri*  " 


which  is  the  limiting  availability  for  the  two-unit  redundant  case.  To  show  this  directly  define  as 
before: 

The  probability  that  unit  A and  unit  B will  be  operating  at  a random  point  in  time,  distant  from  t—  0, 
as  respectively: 


A ” — and  A - 
A jj+A  B 


This  is  identical  to  (3.15). 

In  general,  this  approach  is  one  of  the  simplest  to  use  when  an  evaluation  of  either  the  limiting  or 
the  time  dependent  availability  of  a system  or  subsystem  is  required  (mean  time  to  first  failure  or 
Probability  of  no  system  failure  over  time  t cannot  be  evaluated  using  this  approach). 

The  following  formula  may  be  utilized  to  determine  the  system  or  subsystem  redundancy  and 
general  philosophy  of  operation  as  discussed  in  the  beginning  of  this  section. 

Let  X,*-  time  dependent  or  limiting  availability  of  any  unit. 


System  Availability** 


!;  ":i  <%  4 <i-x.>Ni-i 

i“.l  j"*D1  J 


(3.17) 


where: 

L-  number  of  subsystems  in  series 

i-  defines  the  ilh  subsystem 

D~  minimum  number  of  working  units  required  for  the  i1*1  subsystem  to  operate 
N,=  total  number  of  parallel  units  comprising  the  i*  subsystem. 

3.3  The  Markovian  Approach  (For  Full  on  Redundancy) 

Of  all  the  approaches  to  the  analysis  of  repairable  redundant  configurations,  the  Markovian  is  the 
most  powerful.  It  is  particularly  appropriate  to  the  analysis  of  redundant  systems  and  through  its 
application  to  suen  characteristics  as: 

. Availability  (time  dependent  and  limiting) 

. Mean  Time  betwten  system  failure 

. Reliability  (we  saw  earlier  a simple  Markovian  approach  analysis  for  a non-vepairable  system). 
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A redundant  repairable  system  composed  of  N units  has  2"  potential  states.  Each  time  a different 
combination  of  units  is  failed  and  operating  a new  state  is  defined.  This  means  for  every  single  repair 
action  completed,  the  system  enters  a new  state.  Likewise,  for  each  failure  which  occurs,  the  system 
enters  a new  state.  The  repairs  and  failures  which  occur  cause  the  transitions  from  one  state  to  the 
next.  The  rates  of  transition  (the  failure  rates,  and  repair  rates)  from  one  state  to  the  next  are 
determined  by  the  failure  rate  and  repair  rate  characteristics  of  the  current  state  and  also  the 
probability  of  more  than  one  transition  occurring  simultaneously  is  zero. 

In  order  to  apply  the  procedure,  all  possible  system  states  must  be  identified  and  probabilistic 
equations  developed  describing  such  states.  The  easiest  way  to  define  and  write  the  probabilistic 
relations  of  the  states  is  to  draw  a state  space  diagram  or  a truth  table.  The  diagram  shows  visually  the 
evolution  of  different  system  states  possible  and  the  means  of  transition,  if  any,  between  states,  either 
by  failure  or  repair.  Because  small  increments  of  time  are  considered  in  the  analysis,  the  probability  of 
a double  transition  is  considered  to  be  zero.  The  truth  table  (Figure  3.2)  shows  the  results  of  the  space 
diagram  in  tabular  form.  Examples  of  both  wilt  follow. 

The  definition  of: 

(A)  Availability  (time  dependent,  and  the  limiting  case) 

(B)  Reliability  and  Mean  time  to  system  failure 

require  the  utilization  of  slightly  different  constraints  and  formulation  of  slightly  different  sets  of  state 
equations.  The  primary  difference  lies  in  the  fact  that  if  we  wish  to  determine  the  probability  that  at 
any  time  the  system  is  in  any  state  K (necessary  to  determine  Availability)  we  must  allow  for  a 
transition  from  a system  failed  state  to  an  operating  state.  In  the  event  wc  wish  to  determine  the 
reliability  (the  probability  of  no  system  failure  in  an  interval  (0,T))  that  is,  the  probability  that  the 
system  remains  in  the  set  of  non  failed  states  during  the  interval  (0,T), 


R(t)«  Z R, (t) 
£1  1 


[)  “ Set  of  all  non  failed 
states . 


or  the  mean  time  to  failure  of  the  system,  wc  must  structure  our  state  equations  such  that  there  is  no 
transition  from  a failed  state. 

The  space  diagram  for  a two-unit  system  (both  units  operating  simultaneously,  only  one  of  which  is 
required  for  systems  operation)  is  shown  in  figure  3.1.  As  can  be  seen,  the  possible  states  are: 

a)  Unit  A and  Unit  B are  both  operating  (State  2) 

b)  One  unit  is  in  a failed  state  (repairs  are  being  made)  and  the  other  is  successfully  operating 
(State.  1) 

c.)  Both  units  are  failed  (State  0) 

The  truth  tabic  can  be  tabulated  as  in  Figure  3.2. 

Values  of  the  A's  and  pi’s  define  transition  probabilities  between  adjacent  states.  The  arrows  indicate 
which  direction  the  transitions  take. 


.1 


0 


State  Space  Diagram  For  Reliability  And  Mean  Time  To  Failure  Measures 
Figure  3.1 
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STATE  A B SYSTEM 

2 1 1 Operating 

1 0 1 Operating 

1 1 0 Operating 

0 0 0 Failed 

Truth  Table  For  A Redundant  System 

Figure  3.2 

3.3.1  Markovian  Approach  for  Availability  Measures  (Time  Dependent  and  Limiting  Case) 
(Full  on  Redundancy) 

The  following  set  of  state  equations  may  be  developed 


P2(t+At.)“  P (unit  A and  B are  both  operating  at  t+At.) 

- P (neither  A nor  B fail  in  (t,t+At)  I both  units 

are  operating  at  t)*P(both  units  are  operating  at  t) 

+ P (the  repair  of  A(B)  is  completed  in  (t,t+At)  | 

B(A)  is  operating  at  t)*P(B(A)  1b  operating  at  t) 

- (J.-2AAt)  P2(t)  I-  pAt  P3(t)  (3.18) 


Similarly,  wc  have: 

P1<ttAt)“  2AAt  P2(t)  + [l-  (A+p)At]  P:(t)  + 2pAt  PQ(t)  (T.  19) 
P0(t+At)-AAt  Pj(t)  +[l-2pAtJ  PQ(t)  (3.20) 


where: 


p0(t>  + PlCt)  + p2(t)'‘  1 


(3.21) 


Expending  and  rearranging  the  state  equations  as  follows: 


P.(t>At)  - P,(t)  jp./f-v 

JL 1 2*2!£L  - yp  (t.)-  2AP,(t)  (3.22) 

At  dt  1 


P^t+At)-  P1(t)  dP1(t) 

At  dt 

+ 2AP2(t)  4-  2uPQ(t) 
Pg(t+At)  - P0U)  dPg(t) 


(A+u)Pj(t) 


(3.23) 


I ! 


At 


dt 


APj (t)  - 2uPg(t) 


(3.24) 


Taking  Laplace  transforms  and  realizing  that: 


j P2(0)-  1,  PjOl)-  0,  PQ(0>-  0 

I 

(initial  conditions  if  we  assume  all  units  operative  at  t=  0). 


.s  P2(s)~  1-  mPj(s)  - 2XP2(s) 
a P1(b)-  -(X+u)  P1(a)  + 2A  P2(a)  + 2uPq(») 
a PQ(o)-  XPx(s)  - 2p  Pq<b) 


r 

i tiiiKiitiijutr'tiKliSiii' 
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At 


Solution  of  these  simultaneous  equations  and  finding  the  inverse  transformation  (as  shown  in 
Appendix  B)  results  in: 


P(t)«  1-  PQ(t)- 


n2+2Xyi 

(X+u)2 


x2e-2(x+u)t  + 2Xy(x-fu)t 
(X+W)2  (x+u) 2 


(3.25) 


and  taking  the  limiting  case  (letting  t -*  “) 


P(t)  -*■  A- 

M2+2Xu 

(X+p)2 

(3.26) 

Note  that  results  (3.25)  and  (3.26)  are  identical  to  results  (3. 14)  and  (3.15)  and  (3.16)  which  came 
about  as  a consequence  of  an  entirely  different  approach  to  the  problem  (an  approach  which  was 
considerably  less  involved  than  the  classical  Markovian  approach  discussed  previously). 

*4^2  Markovian  Approach  for  Reliability  Measures  and  Mean  Time  to  System  Failure 

(Full  on  operation) 

The  following  set  of  state  equations  may  be  developed  (derivation  similar  to  previous,  except 
notice  that  once  a unit  reaches  a failed  state  Po(t)  it  is  r.ot  allowed  to  pass  to  a working  state 

P,(t)). 

P2(t+At)« 

P2(t)  (l-2XAt)  + P (t)pAt 

(3.27) 

P1(tt-At)« 

P2(t)  2XAt  + P1(t)  (l~(X+u)At) 

(3.28) 

P0(t+At)« 

Pl(t)XAt  + PQ(t) 

(3.29) 

P2(t)  + P 

^(t)  + PQ(t)“  1 

(3.30) 
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As  before  manipulation  of  the  state  equations  results  in  the  differential  equations: 


dP2(t) 

dt 


- - 2AP2(t)  + pP1(t) 


dP1(t) 


“ « 2X  P2(t)  - (X+u)P1(t) 


dPn(t) 

-at XY'> 


Taking  Laplace  transforms  and  realizing  tliat: 

P,(0)  - 1,  P,(0)  = 0,  PjtO)  - 0 

(initial  conditions  if  we  assume  all  units  operational  at  t=  0)  we  obtain: 


1-  (a+2X)  P2(s)  - uPjfaJ 

0-  2Xr2(a)  - (X+irts)  Pjfe) 

0-  sPq(s)  - XP^(s) 


(in  a manner  similar  to  Appendix  B).  The  same  argument  of  the  previous  section  remits  in: 


R(t)« 


S2C  at 

fiie  “8Z* 


81  “82 


as  before: 


„ s * _ 

1»  2.  2 


/ R(t)  dt: 

0 


A 


m 3X+p 

2 """ 

2X 


(3.31) 

(3.32) 

(3.33) 


(3.34) 

(3.35) 

(3.36) 


(3.37) 


(3. 38) 
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(assuming  the  system  at  t=  0 had  both  units  in  satisfactory  operation).  Note  that  if  fi-  0 (that 
means  non-rcpairable  system) 


M = i--l 
2 X 


(3.39) 


which  is  exactly  the  value  which  would  have  resulted  from  relationship  (2.6)  for  2 units  in  a 
non-rcpairable  system,  and  if  /x=  0 relationship  (3.37)  reduces  to: 

R(t)-  2e~Xt-e“2Xt  (3.40) 


which  is  exactly  the  value  which  would  have  resulted  from  relationship  (2.7)  for  2 units  in 
a non-rcpairable  system. 

3.4  The  Markovian  Approach  For  Stand  by  Redundancy,  Markovian  Approach  for  Availability  Measures 
(Time  Dependent  and  Limiting  Case)  (System  in  Stand-by  Conditions) 

In  this  situation  our  intent  is  to  setup  the  probability  state  equations  relevant  to  the  case  where  the 
redundant  configuration  has  one  unit  in  actual  operation  and  the  other  units  are  in  stand-by  (such  units 
are  not  energized)  and  have  failure  rates  0.  The  unit  in  operation  operates  until  it  fails,  at  which 
time  one  of  the  stand-by  units  begins  operation,  and  repairs  are  begun  on  the  failed  unit.  When  the 
failed  unit  has  been  repaired,  it  becomes  a stand-by  unit.  When  a failure  occurs  when  no  repaired  (or 
good)  stand-by  units  are  available,  the  system  fails. 

As  before,  an  example  is  presented  as  to  how  such  a problem  is  solved.  We  take  again  a two-unit 
redundant  system  and  define  its  respective  states. 

(1)  Unit  A and  Unit  B,  both  are  operable  - one  is  operating  (State  2) 

(2)  One  unit  is  in  a failed  state  (repairs  are  being  made)  and  the  other  is  operable  (State  1) 

(3)  Both  A and  B are  in  a failed  state  (State  0).  Then  we  have  the  following  state  equations: 

P2(t-t-A)-  P2(t)(l-AAt)  + P (t)pAt  (3.41) 


P1(t+At)=  P2(t;)AAt  + P1(t)  U-(A+u)At) 

+ PQ(t)2uAt  (3.42) 


PyCt+At) 


PxCt)  AAt  + PQ(t)  (l-2uAt) 


(3.43) 


Expanding  and  rearranging  the  equations: 


dP2(t) 

- yPx(t) 

- XP2(t) 

dt 

4P1(t) 

- -(A+u) 

Px(t)  + AP2(t)  + 2MP0(t) 

dt 

dF„(t) 

dt 

- 

- 2uPQ(t) • 

Taking  Laplace  transforms  and  solving  for 
P(t)«  1-  PQ(t) 


PCt)-  1- 


,2  ®2t 


2 Blt 
A e A 


"1*2  + •2^2“  V + •i^*i”»2) 


*lf*2 


- *->V 


(3.44) 


Note  as  t gets  arbitrarily  large: 


P(t)-  A- 


2m2  + 2uA 
i’ll2  + A2+  2jj  A 


(3.45) 
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3.4.  l Markovian  Approach  for  Reliability  and  Mean  Time  to  Failure  Measures 
(System  in  Stand-by  operation) 

Assume  a redundant  stand-by  configuration  and  operating  philosophy  as  described  in  the 
previous  section.  Again,  the  primary  objective  is  to  develop  the  probability  state  equations 
representing  the  system,  its  operational  philosophy  and  the  measures  to  be  evaluated. 

As  before  an  example  is  presented  as  to  how  such  a problem  is  solved.  We  take  again  a 
two-unit  system  and  define  its  possible  states: 

(1)  One  unit  is  operating  and  has  a failure  rate—  X,  a second  unit  is  capable  of 
operation  but  is  not  energized  and  has  a failure  rate-  0.  (State  2) 

(2)  One  unit  is  in  a failed  state  (repairs  are  being  made)  and  the  other  is  successfully 
operating  (State  1) 

(3)  Both  units  are  failed  (incapable  of  operation  due  to  malfunction)  (State  0). 

Note  as  previously  stated,  that  in  order  to  evaluate  Reliability  or  Mean  Time  to  Failure,  the 
state  equations  can  permit  no  transition  from  a failed  state.  As  before,  state  equations  are 
developed. 


P2(t+At)-  P2(t)(l  -XAt)  + Px  (t)  uAt 


(3.46) 


P^t+At)-  P2(t)AAt  + P1(t)  [l-  (M-p) At]  (3.47) 


P0(t+At)-  P^tjAAt  + P (t) 


(3.48) 


After  solving  the  equations  finding  the  inverse  transformation  and  performing  manipulation 


r2t  V 

V IV 

rl"r2 


(3.49) 


where: 


w 


+ /{y+  2A)2-  4A2 


Again,  since  r,,  r,  < 0 and  r.  > r2,  wc  have: 


r2t  rjt 

r.e  - r»e 

ACt)dt-  dt 

0 0 rr,-2 

rl  r2C  r2  r±t 

“ - ~Ty — TT  f * 7 — V /%  1 dt 

r2^  0 vTj^r^y  ^ 


__1  _ 2 

r2^rr>)  ri(rrr2> 


rl+r2 

rlr2 


2X+u 


(3.50) 


Note  if  the  system  is  non-repairable,  ft  - 0,  then 


M- 


(3.51) 


which  is  identical  to  the  result  of  Equation  (2.14)  for  a two  unit  non-repairable  system. 

By  this  tim.  it  is  clear  that  the  Markovian  approach  is  capable  of  evaluating  all  of  the 
reliability  measures  required.  However,  it  is  also  clear  that  this  approach  is  rather  cumbersome 
and  time-consuming,  especially  when  more  than  two  units  are  redundant  or  when  the  units  have 
different  values  of  X and  . Note  also  th  the  Markovian  approaches  discussed  are  designed  to 
evaluate  specific  configurations/opcratiimal  scenarios,  and  not  to  provide  closed  form 
relationships,  relating  failure  and  repair  rates  of  units,  number  of  units  in  a subsystem  and 
(Km.ber  of  subsystems  to  system  reliability.  The  next  two  sections  provide  discussions  of  two 
approaches  'hich  are  capable  of  making  the  analysis  of  repairable  subsystems  less 
cum  erson  and  time-consuming  than  those  discussed  and  have  the  additional  characteristic  of 
being  i<  cU>*  ed  form  or  algorithmic  form  such  that  a single  equation,  or  procedure  is  capable  of 
evaluating  any  number  of  units  in  pari  el. 


3.5  State  Fxpcctation/Transition  Model  (for  Reliability  and  Mean  time  to  failure) 

3.5.1  Full  on  redundancy 

While  the  other  approaches  o'  - issed  to  evaluate  the  reliability  of  redundant  systems  were 
classical,  the  following  must  be  considered  unique  It  uses  as  a foundation  the  basics  of  a 
Markovian  process  but  treats  and  combines  these  into  an  expectation  model. 

Given  a system  comprised  of  L operating  redundant  identical  units  (each  winh  identical 
values  of  X and  n,  in  addition  all  failures  and  repairs  of  units  take  on  an  exponential  density  as 
defined  previously.)  Assume  that  D units  (D<L)  as  a minimum  must  be  operating  in  order  for 
the  system  to  function.  The  system  then  has  a number  of  possible  operating  states. 
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State  Defined  as 

0 L units  operating 

1 L-l  units  operating  Satisfactory  opeiating  states. 

2 L-2  units  operating 

• • • 

• • • 

• • • 

» • • 

N D units  operating 

N + 1 D-l  units  operating  - a system  failure 


As  indicated  previously  transitions  can  take  place  only  between  adjacent  states.  That  is, 
given  the  system  is  in  state  of  j,(j>0),  the  system  can  next  yo  to  either  state  (j  + 1)  or  (j  - 1),  no 
other.  This  follows  from  the  flow  chart, 


Naturally,  for  example,  when  2 of  L units  are  failed  the  next  transition  must  be  cither  to  1 of  L 
units  failed  (indicating  a repair)  or  3 of !.  units  failed  (indicating  a failure). 

It  is  also  clear  that  immediately  before  the  system  fails  (reaches  state  (N  + 1))  the  system 
must  be  in  state  (N). 

Kach  state  has  associated  with  it  unique  failure  rate  \ j,  and  repair  tate  /a r computed  as: 


j s N [N  in  the  state  number'  nsnociuted 
with  D unite  operuting] 
jy  (assumes  that  as  soon  as  a 

unit  fails  repair  is  begun) . 


3') 


~ T1..7WM 


Since  we  are  dealing  with  exponential  density  functions  for  repair  and  failure: 
Expected  time  in  state  j before  transition 


E(j)" 


Vi 


(3.52) 


Probability  of  going  to  state  (j  + 1 ) on  the  next  transition,  given  you  are  in  state  j at  the  present 
time.  (This,  of  course,  signifies  an  additional  failure) 


P(.1+.l/.1 )' 


(3.53) 


Probability  of  going  to  state  (j-1)  on  the  next  transition,  given  you  are  in  state  j.  (This  of 
course  signifies  a repair) 


- P(J-l/j)- 


Y"j 


0.54) 


PCj-l/j)  + P(j+l/j)-  1 


Given  the  characteristics  above  and  using  expectation,  the  expected  length  of  time  to  go  from 
state  j to  state  (j+I),E(j+l/j),  can  b formulated. 


KCJ+l/j)-  P(j+l/j)  • E(j)  + ?(j-l/j)  [e(J)  + K(j/j-l) 

+ E(j+l/j)J 


Rearranging  and  grouping  terms 


K(j+l/j)-  - 


F(.1+l/j)  • E(,1).  + P(j-l/j)  [E(  j)  + E(j/j-i)] 


l-P(j-l/j) 


Substituting  (3.52)  - (3.54)  into  the  above: 


*CJ+i/J)-3~+  r1  ECJ/J-l)-  + 41 
Aj  i i 


j~i 

n-K 


0.55) 
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It  is  obvious  that  in  order  to  fail  (assuming  the  units  of  the  system  were  all  operating  at  t*=  0) 
the  system  must  gracefully  degrade;  that  is,  from  state  1 it  must  eventually  go  to  state  2,  from 
state  2 it  must  eventually  go  to  state  3 , etc . , and  the  average  time  for  such  graceful  degradation 
from  state  j to  (j  + 1)  (taking  into  account  transitions  from  j to  (j-1))  is  accounted  for  by  (3.55) 
Therefore: 


l E(j-KL/j)~  M 
J-o 


(3.56) 


that  is,  the  sum  of  the  expected  times  to  transition  from  state  j to  (j+ 1),  from  (j-f 1)  to  (j+2), 
etc. , is  the  expected  time  to  go  from  state  0 to  state  (N+ 1),  which  is  the  mean  time  to  system 
failure.  Repeated  use  of  (3.55)  in  (3.56)  leads  to: 


M-  £ E(j+l/j) 

j-°  4 

i un 

N i N j-1  ‘ 

- E -— + z l (£S±i 

J-0  J J-1K-°  H An 


(3.53) 


For  example , take  a two-unit  redundant  system  as  before  (each  unit  having  identical  failure  and 
repair  rates  X,  and  p.)  and  apply  (3.57).  The  result  is: 


U+3* 


(3.58) 


the  same  result  as  from  (3.38)  which  evaluated  the  two  unit  system  using  a conventional 
Markovian  Process. 

As  can  be  observed,  this  procedure  is  significantly  simpler  to  apply  than  any  of  the  others 
discussed  and  less  time-consuming  (due  solely  to  the  fact  that  application  of  (3.57)  is  all  that  is 
required).  Its  drawbacks  arc  (1)  while  the  mean  time  to  failure  of  the  system  may  be  derived,  its 
reliability  expressed  as  the  Probability  of  no  system  failure  in  time  t cannot  be  determined;  and 
(2)  it  is  capable  of  handling  only  redundant  systems  comprised  of  units  with  identical  failure 
and  repair  rates. 
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3.5.2  Stand-by  Redundancy 

The  concepts  of  the  previous  section  can  be  used  to  develop  a relationship  for  mean  time  to 
failure  for  a system  employing  stand-by  redundancy. 

Given  a system  comprised  of  L redundant,  identical  units  (each  with  identical  values  of  X, 
end  ft.  In  addition,  all  failure  and  repairs  of  units  take  on  an  exponential  density  as  defined 
previously).  Assume  that  D units  (D<L)  must  operate  at  alt  times  in  order  f<r  the  system  to 
operate.  All  other  units  are  rot  energized  and  have  X - 0.  They  remain  energized  until  a failure 
occurs  and  only  then  is  one  energized.  A repair  action  is  immediately  started  on  the  failed  unit. 
The  system  fails  when  one  of  the  D operating  units  fails  and  no  energized  unit  is  available  to 
take  its  place  (all  (L-D)  units  under  repair  when  a failure  occurs).  The  system  has  a number  of 
possible  states: 


State  Defined  as 


0 D Units  operating,  (L-D)  energized,  0 under  repair 

1 D Units  operating,  (L-D- 1)  energized,  1 under  repair 

2 D Units  operating,  (L-D-2)  energized,  ?.  under  repair 

* • • • t a • • • 

• ••  • • • • • » 


• • • • a • • • • 

N D Units  operating,  0 • (L-D)  under  repair 

N+l  D-l  Units  operating  —*  Failure 


Again,  transition  can  take  place  only  among  adjacent  states.  That  is,  given  the  system  is  in 
state  j (j>0),  the  system  can  next  go  to  either  state  0+ 1)  or  (j- ) ),  no  others.  (See  flowchart  of 
last  section). 

Naturally,  for  example,  when  2 of  L units  are  undergoing  repair  (are  failed)  the  next 
transition  must  be  either  to  1 of  L units  undergoing  repairs  (one  unit  repaired)  or  3 of  L units 
undergoing  repairs  (an  other  operating  unit  failed). 

It  is  also  clear  that  immediately  before  the  system  Jails  (reaches  state  (N-f  1)  ) the  system 
must  be  in  state  (N). 

Each  state  (j)  has  associated  with  it  a failure  rate  of  X,,  a.  id  a repair  rate  of 

For  stand-by  redundancy 


X,-  DX  j*N 

jM  (assumes  that  as  soon  as  a unit  fails,  repairs  are  begun). 

Since  we  are  dealing  with  exponential  density  functions  for  repairs  gr.d  failure: 
Expected  time  in  state  j before  transitio  i 


- E(  j)™ 


1 

DX+Uj 


(3.59) 


Probability  of  going  to  state  (j-H)  on  the  next  transition,  given  you  are  in  state  j at  the 
present  time.  (Signifies  an  additional  failure) 


(3.60) 
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Probability  of  going  to  state  (j-1)  on  the  next  transition,  given  you  are  in  state  j (signifies  a 
repair) 


- P(J-1/J)- 


AD  + n 


(3.61) 


PCj-l/.l)  + F(j+l/j)-  1 

The  expected  length  of  time  to  go  from  state  j to  state  (j+ 1),  E(j-f  1/j),  is  formulated: 

E(j+l/j)-  PCj+l/j)  • E(j  ) + PCj-l/j)  [E(j  ) + E(J/j-l) 

+ E(j+l/j)] 


Substituting  (3  .59)  - (3.61)  into  the  above,  regrouping  and  simplifying. 


E(j+l/j)-  "•  + E(J/J-1) 


(3.62) 


It  is  obvious  that  in  order  to  fail  (assuming  the  units  of  the  system  would  all  be  in  an  operable 
condition  at  t~  0)  the  system  must  gradually  degrade;  that  is,  from  say  state  1 must  eventually 
go  to  st  iff  2,  before  going  to  state  3.  And  the  average  time  for  such  a degradation  from  state  j to 
state  (j+1)  (taking  into  account  .ransitions  from  j to  (j-1) ) is  accounted  for  by  (3.62). 

Therefore: 


E E(j+1/J)-  M 
j-0 


(3.63) 


that  is,  the  sum  of  the  expected  times  to  go  from  state  j to  j+l,from(j+l)  to  (j  f 2)  etc.  is  the 
expected  time  to  go  from  state  0 to  state  (N+ 1),  the  mean  time  to  failure  of  the  system. 
Repeated  use  of  (3.62)  in  (3.63)  leads  to: 


t|  M « 

w " . " 1 * n"K  + l 

M = \ E(j+  l/j)  -•  i H 1 

J'u  KD  K'°  ttDX 


(3.64) 


For  example,  take  a two-unit  redundant  system  in  standby  (each  unit  having  identical  failure 
and  repair  rates  X./u.)  and  apply  (3.64).  The  result  ir.: 


M' 


(3.6!)) 


the  same  as  die  result  from  (3.50)  which  directly  evaluated  the  two  unit  standby  system  using  a 
conventional  Markovian  Process. 

As  can  be  s«*en,  this  procedure,  like  Use  preceding,  has  advantages  of  simplicity  and  time 
over  the  classical  method  to  evaluate  the  mean  time  to  failure  of  a standby  system.  Its 
drawbacks  are  (1)  while  tire  mean  time  to  failure  of  the  system  may  be  derived,  its  reliability 
expressed  as  the  probability  that  the  system  will  operate  over  an  interval  of  time  (0,T)  with  no 
failure  cannot  be  determined;  and  (2)  it  is  capable  pf  handling  only  redundant  systems 
comprised  of  units  with  idenucal  failure  smd  repair  rates. 

.6  System  Failure  Rate  Approach  (For  Full  on  Operations) 

In  the  previous  section,  concepts  pertaining  to  transition  rates  (failure  and  repair  rates)  between 
adjacent  states  were  used  as  the  foundation  on  which  an  evaluation  technique  was  based.  In  this 
section  we  will  discuss  an  evaluation  technique  based  on  the  concept  of  System  Failure  Rate 
associated  with  each  system  state 
Let  us  first  define: 

(1)  System  State  - The  description  of  the  systems  operating  condition  in  terms  of  how  many  units 
are  operating  and  how  many  arc  in  a failed  state. 

The  following  is  a list  of  the  possible  spates  for  a parallel  system  comprised  of  L units. 

States  Description  of  State 

0 L Units  operating,  0 failed 

1 (L-l)  Units  operating,  1 failed 

2 (L-2)  Units  operating,  2 failed 

3 (L-3)  Units  operating,  3 failed 

• « i • • « 

• • • • • • 

« • • 9 9 • 

(L-N)  Units  operating,  N failed 

N+l  (L-N-l)  Units  operating,  (N+l)  failed 

We  bear  in  mind  that  transitions  can  take  place  only  between  adjacent  states  (more  than  one  failure 
at  one  time  has  a probability  - 0;  more  than  one  repair  ut  ">nc  time  has  a probability  - 0;  a failure  and 
a repair  manifesting  themselves  simultaneously  has  a probabihty—  0).  ihat  is  the  system  which  if  in 
state  j (j>0)  can  go  cither  to  state  (j+ 1)  or  state  (j-1).  Further,  assuming  that  the  system  is  in  state  0, 
at  t=  0,  in  order  for  the  system  to  fail  (reach  a failed  state,  say  (N-f- 1»  it  must  ai  some  time  go  from 
state  0 to  state  1,  from  state  1 to  state  2,  from  state  2 to  state  3,  etc,  etc. 

Further,  if  one  defines: 

E(j+  1/j),  the  expected  time  to  go  from  state  j to  state  (j-1- 1).  then: 


-'■varv 


imwww 


mu*  w*!  r.'j'u  wi. »' 


TV 


N 

E E(j+1/J)-  M-  Haan  t±tm  to  system  failure. 

j-o 


(2)  System  Substate  - A Substate  of  a system  state.  Many  system  states  as  defined  above  (X  units 
operating,  Y failed)  may  occur  in  a different  number  of  ways  (for  example,  take  a two-unit  redundant 
system  comprised  of  Unit  A and  Unit  B.  Unit  A may  be  operating  and  Unit  B failed,  or  Unit  B may  be 
operating  and  Unit  A failed.  Both  are  different  substates  belonging  to  the  system  state,  one  unit 
operating,  one  unit  failed)  each  way  in  which  the  system  state  might  occur  is  called  a substate. 

(3)  Border  State  - A substate  of  a system  state  where  the  next  unit  failure  will  cause  a system  failure. 

Examples: 

(1)  A three-unit  redundant  system,  a minimum  of  any  2 units  must  be  operating  in  order  for  the 
system  to  operate.  In  this  case,  the  border  states  would  be  any  2 units  operating,  one  unit 
failed.  Three  border  states  would  result. 

(2)  A four-unit  redundant  system,  a minimum  of  one  unit  must  be  operating  in  order  for  the 
system  to  operate.  In  this  case  a border  state  would  be  any  one  unit  operating,  3 units  failed. 
Four  border  states  would  result. 


(4)  Limiting  Availability 


g = M 
/t+  X M+  R 


Defined  and  derived  earlier  as  a non-parametric  measure  which  indicates:  the  proportion  of  time  lhat  a 
unit  is  operating  (or  up),  given  its  average  failure  and  repair  rates,  X and  /*;  or  the  probability  that  a unit  is 
operating  at  a random  point  in  time,  given  its  average  failure  and  repair  rates  X and  fi. 

In  a system  comprised  of  L parallel  units  application  of  the  Limiting  Availability  figure  of  merit  can 
determine  the  proportion  of  the  time  that  the  system  is  operating  or  the  proportion  of  time  that  the 
system  is  in  a given  state. 

Example:  A three-unit  Redundant  System  made  up  of  units  A,  B,  and  C,  (A  minimum  of  one  unit  is 
required  for  satisfactory  operation). 

I^t  A„  indicate  Unit  A is  on 
Ap  indicate  Unit  B is  Failed 
B„  indicate  Unit  B i . On 
BP  indicate  Unit  B is  Failed 
C0  indicate  * Jnit  C is  On 
CP  indicate  Unit  C is  Failed 
The  system  can  be  in  any  one  of  the  following  states: 

AoBoQ 

AoBoCp 

AoBpCo 

A0BpCf  Border  State 

ApB0Co 

ApBoQ.  Bolder  State 

ApBpQ,  Border  State 

ApBpCp  Failed  State 

Let: 

Aa.  As,  Ac  represent  the  Availability  of  A,  b and  € 'respectively. 

Let: 
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(1-Aa),  (1-A^f  (1-Ac)  represent  the  Unavailability  of  A,  B & C (This  represents  the  proportion 
cf  time  that  A,  B,  or  C is  in  a failed  state  (undergoing  repair),  or  the  probability  that  A,  B or  C is  in  a 
failed  state  (undergoing  repair),  at  a random  point  in  time). 

Using  the  fundamentals  of  probability,  wc  can  now  model  each  state  and  determine  the  proportion 
of  time  that  a system  is  in  any  particular  state.  Taking  the  last  example: 


State 

Proportion  of 

time  in  state 

Border  stats 

*0 

B0 

co 

'■A  Vc 

m 
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No 

Ao 

B0 

Sr 
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m 
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No 

Ao 

flF 

co 

aa«-*b)ac 

m 

No 

Ao 

BP 

CF 

\«-V  «-Ac> 

m 

u A* 

T5+XV3 — 

Yes 

Ap 

B0 

co 

(-1~Aa)ABAC 

m 

_jiX, 

No 

Ap 

B0 

Sr 

^'<,AA^AB^1“AC^ 

m 

u A2 

Yes 

bf 

co 

Cwaa)  (1-AB)AC 

- 

uX^ 

Yes 

Ap 

bf 

S 

a^AA)  a-^)  a~Ac) 

m 

Cu+A)7 

Failed 

TOTAL- 

.1 

1 

The  primary  concept  to  grasp  in  the  application  of  this  evaluation  technique  is  the  fact  that  the  system  has  a 
failure  rate  equal  to  zero  while  it  is  in  every  state  except  a Border  State;  that  is,  the  system  can  fail  directly 
only  from  a Border  State;  it  can  not  fail  directly  from  any  other  state.  The  system  failure  rate  A,,  in  a 
Bonier  State  is  the  sum  of  the  failure  rates  of  the  operating  units  in  that  Border  State. 


A 


m 

B 


D 

S 

1*1 


xi 


A,-  failure  rate  of  a Border  State 

A|=  failure  rate  of  the  i**1  operating  unit  (non  failed  unit)  in  the  Border  State. 

D-  Mini-  sum  number  of  units  required  for  successful  system  operation. 

If  one  were  to  associate  with  each  Border  State,  the  Product  of  the  Proportion  of  time  in  that  state  (Atl)  and 
the  Sum  of  the  Failure  rates  of  the  operating  units  in  that  state  (A,,)  and  an  arbitrarily  long  system 
operational  period  T the  (Note  T includes  the  time  that  the  systc  n is  operating  satisfactorily  and  the  time 
the  system  is  down  for  repair)  term: 


\ 

\ 

X 
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would  represent  the  expected  number  of  failures  anticipated  from  Border  state  i over  an  arbitrarily 
long  period  of  time  T. 

If  one  were  to  sum  this  result  for  all  Bonier  States,  K,  making  up  system  state  N (recalling  system 
state  N+l  is  a failed  state). 

K 

T r A_  die  number  of  failures  expected  in  System 

^2*31  Ri  operational  time  T from  Border  States.  (3.66) 

(Recall  failures  can  occur  only  from  Border  States,  therefore  all  system  failures  occur  from  Border 
States). 

If  one  were  to  sum  the  substate  availabilities  (A*)  of  all  the  s'ates  in  which  the  system  satisfactorily 
operates  (including  Border  States)  and  multiply  that  sum  by  the  same  arbitrarily  long  period  of  time  T 


SI  (*  f 

T T.  Z d A 
j*0  i-1 


m 

ji 


the  total  time  that  the  system  Is 
operating  satisfactorily. 


(3.67) 


A 

The  availability  of  substatc  i associated  with  system  state  j. 
Z,  - Number  of  sub.states  associated  with  system  state  j. 

The  ratio  of  (3.66)  to  (3.67)  is: 


number  of  failures  expected 
Total  operating  time 


A 

" Average  time  to  system  failure 

K (3.68) 

T.  ^ measured  iteady  state  - Mg 


This  measures  the  actual  perceived  average  time  to  system  failure  over  the  life  use  of  the  system.  It 
is  important  to  note  that  since  we  are  using  state  N as  a minimum  operating  stare,  the  model  indicates 
that  os  mjom  as  the  system  fails,  it  enters  state  (N+l).  The  system  is  then  operational  again  as  soon  as 
repair  puts  it  into  State  N.  Rach  cycle  of  operation-failure  for  the  system  (after  the  first  system  failure) 
then  starts  in  State  N and  ends  in  State  (N+ 1). 

The  average  time  to  failure  (M.)  is  in  reality,  the  mean  time  to  go  from  state  N to  state  (N+l)  or 
K(N+  1/N). 

Therefore,  (3.68)  may  be  rewritten  as: 
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(3.69) 


N Z 
Z Z 


j 


j°Q  1-1 


Ji 


i-L  Bl  *Bi 


E(N+i/N)-  Mn 


Taking  a two-unit  redundant  system  aa  an  example  (X,  and  p of  beta  unit*  identical)  and  applying 
(3.69) 


E(N+1/N)-  E(2/l)-  - 2l^"  (3  .70) 

(V+A)2 


which  ia  identical  to  the  result  which  would  occur  when  equation  (3.55)  of  the  previous  section  is 

applied  to  evaluate  F<N+1/N). 

For  the  next  step,  define  a new  criteria  for  system  failure  follows:  if  a minimum  of  D operating 
units  out  of  L were  originally  necessary  for  system  operation,  assume  now  that  a minimum  of  (D+ 1) 
operating  unit*  out  of  L is  required  for  system  operation.  Determine  new  values  of  A*,  A*,  as  before 
and  apply  equation  (3.69)  once  more  making  N=*=(N-1).  By  changing  the  failure  criteria  from  D to 
(D+ 1)  the  application  of  (3.69)  really  evaluates  the  expected  time  to  go  from  state  (N-l)  to  state  N 

E(N/N-1) 

Repetition  o f the  above  a number  of  times  until  the  boundary  state  shifts  fr-.  :m  N to  1 (sec  state  chart  at 
beginning  of  section)  results  in  the  following  summation: 


vv 


E(.]+l/j)-  M-  Mean  time  to  failure  for  the 
system  assuming  all  units 


were  operable  at  t«  0. 


or: 


M 

T Z Z“ 
j-N+1  i-1 


3 
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A,j—  Availability  of  any  substate  in  state  j 
A„—  A(,(i+1),  A„  (i+2),  Aa 

A,^  Availability  of  any  border  state  (all  border  states  have  same  availability  if  all  units  identical). 
In  the  event  that  all  units  have  identical  values  of  X and  fx  (3.71)  reduces  to: 


A^,,-  Availability  of  any  substate  in  system  state  (N-v) 


D+v 

Vv)“  2 \ 

1*1 

A,  «=  failure  rate  of  the  i*  operating  unit  in  state  (N-v). 
For  the  two-unit  redundant  example  previously  described: 


M - 


a 

M- 


A2ttu_ 

2\2 

-U+3X 

o2 


which  of  course  duplicates  the  results  of  (3.72) 

As  can  be  seen,  this  procedure  like  the  preceding,  has  the  advantages  of  simplification  and  time 
over  the  classical  methods  to  evaluate  the  mean  time  to  failure  of  a full-on  system.  It  has  one 
advantage  over  the  previous  expectation  transition,  combination  method  in  that  it  is  capable  of 
handling  systems  of  parallel  units  of  different  values  of  A and  fj..  Its  shortcoming  is  that  the  reliability 
of  the  system  expressed  as  the  probability  that  the  system  will  operate  over  an  interval  of  time  (0,T) 
with  no  failure,  cannot  be  determined. 


3.7  Systems  Periodically  Maintained 

In  previous  sections,  we  have  considered  systems  which  were  not  maintained,  and  systems  which 
were  maintained  immediately  after  failure.  In  this  section,  we  will  consider  redundant  systems  which 
are  only  periodically  maintained  (a  system  is  placed  in  operation,  then  left  unattended;  every  T hours  a 
maintenance  team  visits  the  system  and  repairs  all  unit  failures).  Let 

fit)  = density  function  of  failure  for  the  redundant  system. 

Then  T 

R(T)  - 1 - f f(t)dt  = probability  that  the  system  will  be  on  at  the  end  of  T. 

0 

If  the  system  is  still  operating  at  T,  then  the  operating  time  for  system  is  T.  If  the  system  fails  at  t in 
(0,T),  then  the  operating  time  for  system  is  t.  Therefore,  the  average  uninterrupted  operating  time  of  a 
system  in  (0,T),  Mr,  is  given  by 


Mt  « TR(T)  + 


fT 

tf (t)dt 

•*0 


* TR(T)  + t(l~R(t)) 


T(l-R(t))dt 


rT 

R(t)dt 
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It  is  possible  for  a system  to  fail  before  the  first  cycle  (0,T)  is  complete  or  it  is  possible  that  the  system 
will  not  fail  until  the  Nth  cycle  is  complete.  Therefore,  if  we  had  a large  number  of  such  systems  (X) 
in  the  field  and  intended  to  so  maintain  these  over  a long  period: 

R(T)  = proportion  of  systems  surviving  the  first  cycle  with  no  failure 
R(T)2  = proportion  of  systems  surviving  2 cycles  with  no  failure 
R(T)'  — proportion  of  systems  surviving  3 cycles  with  no  failure 


of  the  original  X 
before  failure 

N R(T)N X systems  would  operate  unintcrruptably  for  an  additional  MT  hours. 

And  the  average  uninterrupted  operating  time  to  first  failure  per  system  is 


R(T)N  Proportion  of  system  surviving  the  first  N cycles  with  no  failure.  Therefore, 

systems 

Cycle  No. 

1 X systems  would  operate  unintcrruptably  for  an  average  of  MT  hours  each 

2 R(T)X  systems  would  operate  unintcrruptably  for  an  additional  M,  hours. 

3 R(T)3X  systems  would  operate  unintcrruptably  for  an  additional  MT  hours. 


mr  + Z [RdJ1  X M, 


i-1 


X 


r n-i 

- - «r[i  + z &(Tyj 

i-1 


But 


1 + 


a progression  of  the  form 

2.  n 

a,  ar,  ar  ....ax 


i 

l 


c 

\ 


with  sum: 


'n“  r(tT~- 
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Since: 


1-R-(T)  aa  N gets  arbitrarily 


large.  Hence: 

Average  uninterrupted  operating  time  to  first  failure 


[k(t]n  <1  SN  - 


« . 5l- 


T 

/ R(t)dt 

o _r_T_ 


3.8  Impact  of  Redundancy  on  Maintainabilily 

The  analysis  of  redundant  systems  is  almost  always  concerned  with  the  impact  of  that  decision  on 
reliability  or  mean  time  to  failure.  It  is  seldom  related  to  impact  on  maintainability  and  mean  time  to 
repair  K and  total  maintenance  hours  required  (which  impacts  support  cost).  Yet,  redundancy  impacts 
these  areas  critically.  The  following  sections  quantitatively  describe  such  effects. 

3.8.1  Redundancy  Impact  on  Mean  Time  to  Repair  (Full  on  Redundancy) 

Take  a system  composed  of  L units,  D of  which  have  to  operate  in  order  for  the  system  to 
function  satisfactorily.  Recalling  the  notation  of  the  last  section  define  those  states  in  which  the 
system  is  considered  failed.  This  would  be  states: 

N+  1 When  (D-l)  units  are  operating,  (l.-D+l)  under  repair 
N + 2 When  (D-2)  units  arc  operating,  (I.-D+2)  under  repair 

• • • • 

• • • • 

• • • • 

L When  0 units  arc  operating,  L under  repair. 

Define  the  substates  associated  with  each  state  (Z;)  and  the  availability  of  each  substatc  A^ 
(where  Aj,—  the  availability  of  the  ith  substatc  associated  with  each  system  state  j)  Through 
knowledge  of  the  availability  components  of  such  stetes  and  substates,  we  will  form  the  ratio: 

r Expected  time  the  system  is  in  a failed  state  j 

I.  Expected  number  of  transitions  from  an  operational  state  to  a failed  state  (Failures)  J 


= the  expected  time  that  the  (3.75) 
system  is  in  failed  state 


From  (3.67),  the  number  of  failures  expected  in  T: 
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K 

' T/>i 
i-1 


X 


Bi 


L 

Z 


[••1 


1-N+l  i«l 


Ji 


K 

£ABi  A 


.1-1 


Bi 


- average  ayatem  down  time  (3.76) 


when  all  units  have  identical  valuer;  of  X,  and  fi  the  average  system  down  time 


" A»,(N+1) 

‘d>  *B 

For  example,  for  a 2 unit  parallel  system  with  equal  values  of  X and  fi,  the  average  system 
down  time 


(P+X)2 

2X2p 

(u+X)2 


R 

2' 


3.8.2  Redundancy  effect  on  Total  Maintenance  Time  (Full  on  Redundancy) 

Let: 

(1-A,)=  Proportion  of  time  unit  is  under  repair  (assumes  repair  starts  as  soon  as  unit  fails). 
T( I -A  i)—  F.xpectcd  time  unit  is  under  repair  (over  a long  time  interval  0,T). 

( liven  L redundant  units 


L 

T );  (1--A  ) » Total  maintenance  time  expended  (3.77) 

i-1  1 

on  oystein 


If  all  units  have  identical  values  of  X,  and  p.  (3. 7 7)  reduces  to 


XTL 
u+  X 


=»  Total  maintenance  time  expended  (3.78) 
on  system 
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Comparing  the  above  with  a simplex  system  with  total  maintenance  time  expenditure  of: 

XT 

M+X 

It  is  clear  that  with  every  unit  added  to  increase  reliability  maintenance  time  increases  proportionately. 

3.9  Efficient  levels  of  Redundancy 

The  question  arises  as  to  what  degree  redundancy  should  be  applied. 

Should  it  better  be  applied  at  the  system  level,  subsystem  level  or  the  unit  level?  There  is,  of 
course,  no  general  answer  to  this  question.  Much  depends  on  the  nature  of  the  application  at  hand.  In 
some  instances,  due  to  practicality,  cost  or  the  engineering  nature  of  the  system  itself,  only  one  course 
of  action  is  possible.  In  the  event,  however,  that  no  constraints  are  evident  on  the  level  of  redundancy, 
which  level  should  be  chosen? 

Assume  that  the  system  in  question  is  denoted  as  A in  Figure  3.3.  A may  be  partitioned  at  will  into 
(L)  modules,  all  having  identical  failure  rates  and  the  total  failure  rate  of  A— LX.  It  is  necessary  to 
improve  the  reliability  of  A and  the  only  available  means  to  realize  this  improvement  is  through  the 
application  of  redundancy.  How  does  the  level  of  redundancy  chosen  affect  reliability? 

Let  us  assume  that  due  to  reasons  of  economy  only  one  redundant  unit  con  be  considered.  Shall  wc 

(1)  make  system  A redundant  with  System  B (Its  redundant  entity)? 

(2)  break  up  System  A into  I,  modules?  break  up  system  B into  L modules  and  make  each  module 
of  B redundant  to  its  corresponding  A module?  And,  if  we  choose  the  latter,  what  is  the  sensitivity  of 
reliability  to  the  partitioning  scheme  chosen? 

Using  (2.3)  the  mean  time  to  first  failure  (M)  of  the  system  described  equal  to 


M- 


(-1) 


K+l 


L! 


2K 

T. 

k! (l-k) : s-j. 


l 

s 


Since  in  this  case  N-  2 

where:  L~  number  of  modules  the  system  can  be  broken  down  to 

X*  failure  rate  of  each  module 
X0«=LX=  failure  rate  of  the  single  sys':ein 


> L — 
Xo  LX 


mean  time  between  failure  of  the  single  system. 


The  above  equation  may  be  written  as: 


M- 


L 

l 

K-L 


(-1) 


K+l 


L! 

Kl  (L-K) ! 


2K 

E 

S-l 


1 

s 


Treating  L in  the  above  as  a variable  and  as  a constant,  M can  be  evaluated  as  a function  of  the 
degree  of  partitioning  practiced  (the  value  of  L). 


:S4 


From  (2.2)  we  have: 
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M = /*[l  - (l--e  *“)"] 1 dt 


P-  e~At 


Then  (Al)  is  transformed  into: 


- (1-P) 


Recalling  the  special  case  of  the  binomial  series: 

1 ' (I  - (l-p)NJL  , 

_ j — - — ^ 


and  equating  (1-p)  ~ x,  (A2)  is  transformed  into: 


1 I*  r V WN 

l / l r.  Q (-1  r U-p'*™  dp 

\ 0 P k-0 

1 , L T . 1 ..  .k 

- i / .1  dp  +~  >: C)  (-i)k  / 


A 0 p 


A k-ik 


Now  integrating  by  parts  yields: 


l ,,  .kN 

/ ikfci 

0 p 


kN  1 

" * 7 ♦ / ? dP 

s**l  0 
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Taking  Laplace  transform  of  equations  (3.18)  to  (3.20)  and  defining  initial  conditions  yields: 


1-  (2\+s)  PjCa)  - yp^(a) 

0-  - (s+A+p)  Pl(8)  + 2\p2(B)  + 2vPq(b) 
0-  Ap1(s)  - <842u)  pQ(  ) 


1 

i 

j 

J 

1 


the  above  simultaneous  equations  can  be  easily  solved  for  Po(s) 

o(G)= 

“0  s(s+y  hA)  £s+2(p+A)J 

which  implies 


Po(t> 


.2  s2 

+ _J_.  e-2(A+u)t 

(AH-p)2  (A+u)2 


2A2e~  ^A+ll^t 
(A+p) 2 


Noting  that 

P (t)=  P2(t)  + P3(t)->  1 - PQ(t) 

wc  have  (3.25). 


* 
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